World governments are trying to figure out how to defend themselves against cyber-warfare, and Estonia leads the way.

The next major war may not be fought with tanks and planes, but rather over the internet. Estonian President Toomas Hendrik recently said, "Today you don't need an Army; all you need is a keystroke."

For several months in late 2009, computer operators in China scoured Google Web pages and networking sites such as Facebook and LinkedIn to gather personal information on high-level Google employees working in China. They used this information to create and send a Google employee (probably a network administrator) an instant message that convincingly appeared to be written by a friend or co-worker. The message contained a link to a computer in Taiwan that the Chinese operators had taken over and loaded with a software "payload" designed to exploit a previously unknown vulnerability in Microsoft's Internet Explorer.

When the Google employee clicked on the link, through her Explorer browser, to a fake but credible website on the Taiwan computer, the payload was secretly delivered to and installed on her computer, creating a virtual "trapdoor." The Chinese operators marched through this trapdoor. They surreptitiously took over the Google employee's machine. Acting from computers in China but appearing to be a trusted user inside Google's computer network in Mountain View, California, they gained access to information about the accounts of democratic dissidents in China as well as some of Google's crown jewels, including its intellectual property, its development plans, and its password system. The same operation that hacked into Google also infiltrated scores of other prominent American information technology and defense firms.

Estonia is a natural center for cyber-defense, in part because it has already fallen victim to large-scale cyber-attacks. The country is highly networked -- online banking and paying for parking with cell phones are the norm. In 2007, though, computers from more than 100 different countries attacked Estonia's infrastructure, crippling the country's web services. To date, only one person -- a young student -- has been tried and convicted for taking part in the attacks.

Many in the country are now trying their best to make sure an attack like that never happens again. Estonia's Defense Minister, Jaak Aaviksoo, told PRI's The World, "In conventional military conflicts, we know more or less what the risks are and how to handle those. In cyber defense we don't know. So it all has to be worked out in the process of fighting real threats."

At the same time, the militaristic mindset surrounding cyber-security may be setting the world up for serious problems in the future. Security expert Bruce Schneier recently wrote for CNN:

We surely need to improve our cybersecurity. But words have meaning, and metaphors matter. There's a power struggle going on for control of our nation's cybersecurity strategy, and the NSA and DoD are winning. If we frame the debate in terms of war, if we accept the military's expansive cyberspace definition of "war," we feed our fears.